sin_serhao/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test
Some checks failed
/ perform flake analysis (push) Failing after 3h0m29s
Details

Browse Source
This commit is contained in:
Sin Ser'Hao
2026-01-27 20:40:20 +01:00
parent b3b8ffd90f
commit d7c765b80e
3 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/thea/authelia.nix
View File

@@ -49,6 +49,10 @@ in
access_control = {
default_policy = "deny";
rules = [
{
domain = "radarr.shobu.fr";
policy = "bypass";
}
{
domain = "*.shobu.fr";
policy = "one_factor";

24
hosts/thea/nginx.nix
View File

@@ -63,6 +63,23 @@ in
extraConfig = ''
include ${authelia-snippets.proxy};
include ${authelia-snippets.authelia-authrequest};
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# From https://gist.github.com/R0GGER/916183fca41f02df1471a6f455e5869f
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security "max-age=63072000; preload" always;
add_header Referrer-Policy strict-origin-when-cross-origin;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header Permissions-Policy interest-cohort=();
add_header Expect-CT 'enforce; max-age=604800';
more_set_headers 'Server: Proxy';
more_clear_headers 'X-Powered-By';
proxy_ssl_server_name on;
'';
};
@@ -137,9 +154,16 @@ in
enableACME = true;
forceSSL = true;
extraConfig = ''
# include ${authelia-snippets.authelia-location};
# error_log /var/log/nginx/debug_files.log debug;
'';
locations."/" = {
proxyPass = "http://${sin-address}:8086";
extraConfig = ''
# include ${authelia-snippets.proxy};
# include ${authelia-snippets.authelia-authrequest};
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 100M;
'';